Major cybersecurity breaches and data leaks in 2018; business as usual

Major cybersecurity breaches- December every year, TechTalks publishes a roundup of the biggest cybersecurity incidents of that year and 2018 is no exception. Although there hasn’t been much of (at least publicized) government leaks and global ransomware attacks like last year, the online community of major brands from virtually every sector made sure to compensate for their public counterparts’ unhackability.

Marriott International: Massive data breach

Late in November Marriott revealed that a hack that began four years ago had exposed the records of about 500 million customers of its Starwood hotels reservation system.

Marriott is the world’s largest hotel operator and its Starwood system includes famous brands like Sheraton, Westin, Le Meridien, and Tribute among others.

While investigations are ongoing, the main suspect in this case is China and it seems that the motives behind the attack are more of the intelligence gathering nature and less financial.

The hack that began in 2014, looks similar to hacks that the Chinese government was conducting in 2014 as part of its intelligence operations, according to Robert Anderson, former senior FBI official.

“Think of the depth of knowledge they could now have about travel habits or who happened to be in a certain city at the same time as another person,” said Anderson, who served as FBI executive assistant director until 2015.

According to Michael Sussman, a former senior DoJ official for its computer crimes section, the long duration of the campaign was an indicator that the hackers were seeking data for intelligence and not information to use in cyber crime plots.

“One clue pointing to a government attacker is the amount of time the intruders were working quietly inside the network,” he said. “Patience is a virtue for spies, but not for criminals trying to steal credit card numbers.”

Data exposures by Exactis and Twitter

Data exposures occur when data is stored improperly on the open internet where anyone can access it with no or minimal authentication. It can happen through a misconfigured database or other storage mechanism or be due to software bugs that lead to data storage in unintended places or wrong formats.

The former was the case with Exactis, a marketing and data aggregation firm, which left two terabytes of personal information of more than 300 million of U.S. adults exposed—more than the Equifax data breach. Although the data didn’t include social security numbers or credit card information, it was a trove that hackers of different ideology and motivation can put to nefarious use.

One alarming fact about this data breach is that the company hasn’t been known to anyone but insiders before the breach. Its page on English wikipedia has been created right after the breach in June 2018, doesn’t contain anything about the company but the data breach and ridiculously starts by saying that, “Exactis became notable in June 2018,” after Vinny Troja, a cybersecurity researcher revealed that the records were on a publicly accessible server.

Read More Here

Article Credit: TechTalks

The post Major cybersecurity breaches and data leaks in 2018; business as usual appeared first on erpinnews.